There were no apologies for absence.

To receive details any details of members nominated to attend the meeting in place of a member of the committee.

There were no named substitutes.

To receive declarations of interests in respect of Schedule 1, Schedule 2 or Other Interests from members of the committee in respect of items on the agenda.

There were no declarations of interests.

To approve and sign the minutes of the meeting held on 14 October 2020. 

RESOLVED:

That the minutes of the meeting held on 14 October 2020 be confirmed as a correct record and signed by the chairperson.

To receive questions from members of the public.  

Questions received and responses given are attached as appendix 1 to the minutes.

To receive any questions from councillors.  

There were no questions from councillors.

To inform the committee of performance in the areas of complaints, data incidents and requests for information made to the council over the municipal year 2019/20.

The information access and records manager presented the report and highlighted the following:

·        The report provided assurances that there were good operational procedures in place to deal with information requests and complaints.

·        There had been a rise in the number of complaints upheld by the Social Care and Local Government Ombudsman (LGO) and training was being arranged in order to try and reduce the numbers but there had been a delay due to Covid-19.

·        The Council is dealing with information requests within timescales

·        There were very few referrals to the Information Commissioners Office (ICO).

During the committee’s discussion of the report, the following points were raised.

·        The differences between a Subject Access Request (SAR) under the Data Protection Act, Freedom of Information (FOI) and Environmental Information Regulations (EIR) were provided.   It was noted that a SAR did require checks for identity as it related to personal information held by the Council on an individual.

·        There had been a delay in undertaking the training in connection with the increase of upheld LGO complaints due to Covid-19.   The team had been redeployed to support the Council’s response to the pandemic.  Training had now been arranged with the LGO and guidance for investigating officers had been produced.

·        The LGO had stopped taking new cases in April 2020 and had re-started in September 2020.   This may have an impact on the figures for the municipal year 2020/21

·        There had been an increase in the disagreement of the decisions in connection with children’s complaints.   This process enabled children and young people to make complaints or for someone to make a complaint on their behalf.   There were not any specific themes, it related more to areas.   The children’s directorate management team had gone through the complaints in order to learn from them.

·        Approximately 50% of schools had signed up to a service level agreement (SLA) to provide professional advice and act as the school’s data protection officer (DPO).   A DPO was required under the General Data Protection Regulations (GDPR).  

·        There were regular reports to directorate management teams and management board.   There were a range of reasons for mistakes happening and the directorates looked at the learning / recommendations.   This could result in changes in processes or training for staff.  

·        It was noted that the volume of requests / complaints were stable compared to other years.   However, SAR had grown significantly once those requests could be made for free.

·        It was noted that the cost to the Council was primarily staff costs and that the people submitting requests did expect an answer straightaway.  

·        The team have been encouraging directorates to publish as much information as possible.

·        It was confirmed that information held on Mosaic was used when there was an SAR.   It was further confirmed that the access controls in Mosaic had been audited by internal audit.

Recommendation(s)

That

the information set out in the report regarding requests for information, data protection compliance and complaints over the past year were reviewed with regard to any risks arising.  ...  view the full minutes text for item 31.

South West Audit Partnership (SWAP) presented the report and highlighted that since the last update to the committee:

·        Four audits had been completed, four audits were at report stage and there were twelve audits in progress

·        Nine additional audits or grant certifications had been undertaken

·        The direct payment pre-paid card audit (children and families) had been replaced with an education health and care plans – annual reviews audit. This is due to the service area not fully rolling out pre-paid cards at this time. It had been proposed to defer the original audit to the 2021/22 plan which had been agreed with the Director of Children and Families.

·        The internal audit plan may continue to be revised due to the Covid-19 work required by government.   There may also be disruption if officers are required to be deployed in order to support the Council’s response to the pandemic.

As part of the discussion of this item, the following points were raised: 

·        The advisory audit in connection with NMiTE was in connection with the accountable body status and this work had been concluded.   A copy of the report would be sent to the committee members.

·        A decision was in the process of being taken to purchase 75 additional audit days.  The decision would be taken by a member of the finance team as the chief finance officer was a director of SWAP.

·        It was anticipated that these additional days would be funded from the burdens grant received from government as the Council was able to recover its reasonable costs as part of the grant criteria.

·        There were ongoing discussions as to the use of the 75 days but it was hoped that the additional days would enable the internal audit plan to be delivered.   SWAP confirmed that there was sufficient resource within their organisation to cover the additional days.

·        The next progress report was likely to show that there had been additional requests for internal audit work as grant monies were coming through to the Council.

·        In relation to the loss of monies special investigation in children’s, it was confirmed that money had gone astray.  The money had been stored in an envelope in a safe which a number of staff members had access to.  As part of the lessons learnt, money should banked and there was a need for the Council to become a cashless organisation.   It was very unlikely that the money would be recovered and that the matter had been referred to the police.   The sum of money involved was £1,500.

RESOLVED that

the chief finance officer and monitoring officer consider that the Hereford city centre  transport governance review undertaken by internal audit be circulated to the committee.  

To review the progress of audit recommendations implementation.

The head of corporate performance presented the report and highlighted the following:

·        64% of recommendations due in the future (as set out in appendix 2) are either on track to be completed on time, or have already been completed.   

·        The one outstanding external audit recommendation was now completed and would be reported as part of the annual governance statement.

In discussion of the item, it was:

·        Noted that there may be an inconsistency in wording between the internal audit recommendation (property maintenance schools) set out on page 64 of the agenda pack and the corporate risk CRR 50 (school assets) set out on page 80 of the agenda pack.  The head of corporate performance was requested to seek clarification and provide an update to committee members.

·        Queried whether the dates for continuing healthcare and brokers were realistic given Covid-19.  The head of corporate performance confirmed that these dates were provided by the responsible officer but he could continue to challenge about setting appropriate dates.   It was agreed that the director of adults and communities would be invited to the next committee meeting when the corporate risk register was due to be discussed [March 2020].

·        Completion dates were agreed with the relevant manager and SWAP would expect that there would progress to implement recommendations if the completion dates would not be met, especially in connection with priority 1 and 2 recommendations.

·        Savings targets are set by the council when agreeing the budget at the budget setting council meeting.   There is monitoring throughout the year but the targets may be revisited.  Any changes will be dealt with by cabinet or cabinet member.   If there are significant changes, then these would be considered by Council.

·        A briefing for members on Verto was requested as it was noted councillors had not yet had a formal introduction to the system.   It was agreed that this would be considered by the management board.

RESOLVED that

a)     The head of corporate performance request that clarification is provided in connection with the internal audit for property maintenance for schools [page 64 of the agenda pack] and corporate risk register [CRR 50 on page 80 of the agenda pack] as there appears to be an inconsistency between the two sets of narratives.

b)     That the director of adults and wellbeing be invited to the next committee meeting when the corporate risk register is due to be presented.  

c)     Management Board to consider an all members’ briefing session on Verto. 

To consider the status of the council’s corporate risk register in order to monitor the effectiveness of risk management within the Performance Management Framework.

The head of corporate performance presented the report and highlighted: 

·       The risk registers were as at 30 September 2020.

·       There were 18 new risks.

·       Comparisons with previous quarters had been removed due to the move to the new format.   Comparative information would be added for future reports.

·       Further work was required in order to embed the new framework.

·       Assistant director risk management leads had now been identified and training was being arranged for them.

In discussion of the item, it was noted that:

·       Any risk in connection with Public Health would be incorporated into the corporate support risk register.

·       The Covid-19 risk register set out the risks to Council services in connection with the pandemic.

·       Under the new framework, if there were high level risks then there must be mitigating activity which is SMART in order to reduce the risk.      

·       There were links in the risk register which aligned the risk to the relevant area in the County Plan.

·       In the Quarter 2 budget and performance report to Cabinet, there should be consistency between the risk register and the report.   As the Covid-19 risks potentially sat across all three directorates, this may be a corporate risk (rather than be replicated across the three directorates risk registers).

·       Currently the public health risk register would be sat as a service risk register but risks could be escalated to the relevant risk register.

·       The head of corporate performance would request a briefing note on the economy and place risk EP23 (Ash Die back [Chalara]) which would also include details of how it linked to the tree strategy which was being developed.

·       It was noted that 1-2 of the risks needed to be considered in a wider context.  The example of the phosphate risk was used to illustrate that it was also a risk to the environment, tourism, etc and not just the housing land supply.

·       There was a need to capture the severity of risk and the impact on the council and the county. The Covid-19 risk was used as an example.

·       That the mitigation in connection with CRR 04 (Human Rights Claims) appeared to have an increase in the risk score so it was queried whether the risk had changed.

·       That the risk CRR31 (South Wye Transport Package) may have changed and it was queried whether the risk had now crystallised. 

·       There may need to be a risk in connection with animal disease given the nature of the county and because there had been an outbreak of Avian influenza. 

·       Risks will considered in a more holistic manner and there will be an annual comparison with the national risk register and what neighbouring councils are doing.

RESOLVED that

the head of corporate performance request that a briefing note is provided in connection with EP risk 23 (ash die back) and how it sits within the overall tree strategy

the head of corporate performance request that a briefing note is provided in connection with EP20, in particular more detail to be provided  ...  view the full minutes text for item 34.

To provide an update on the work programme for the committee.

It was noted that the reports in connection with the external audit findings, annual governance statement and statement of accounts had been deferred.  The chief finance officer confirmed that the statutory deadline would be missed and that it was anticipated that the three reports would be presented to the committee at its meeting in January 2020.  It was further noted that if the reports became available earlier, then a request for an additional committee meeting would be made to the chairperson.

RESOLVED that

The work programme for the audit and governance committee be approved.